Creating A RESTful API With PHP and MySQL - Kvcodes
X

Congrats, You are Subscribed to Receive Updates.

Creating A RESTful API With PHP and MySQL


API service is one of a important service or feature to every dynamic website. Which will also helps you to share your data’s Among other Website and Devices as well. Creating An API Service is easy to make and provide access to outsiders with help of my code. Creating A RESTful API With PHP and MySQL is quite easy,if you follow the steps.

Introduction

When I was started using others API code, I feel its not easy to understand. So I have coded myself with help of Arunkumar who helped to for the base of  API knowledge and few other Sources helped me to know more about it. Also I have tried with Slim framework. But Slim  consumes extra running amount of time and that’s another reason for making my own small RESTful API. I hope you will like my API. if you really Enjoyed Please Subscribe and follow me on social medias to get more updates. Also if you wish to donate, Please contact me directly.

Creating-A-RESTful-API-With-PHP-and-MySQL

Creating A RESTful API With PHP and MySQL

Also I am providing downloadable source code your reference.  You can also use it on your own projects.  Let’s Create the API class.

<?php
 /* File : kv_restful_api.php
 * Author : Kvvaradha
 * Website: www.kvcodes.com
 * email : admin@kvcodes.com
 */
 class REST {
 
	public $_allow = array();
 	public $_content_type = "application/json";
 	public $_request = array();
 
 	private $_method = ""; 
 	private $_code = 200;
 
 	public function __construct(){
 		$this->inputs();
 	}
 
 	public function get_referer(){
 		return $_SERVER['HTTP_REFERER'];
 	}
 
 	public function response($data,$status){
 		$this->_code = ($status)?$status:200;
 		$this->set_headers();
 		echo $data;
 		exit;
 	}
 
 	private function get_status_message(){
 		$status = array(
 			100 => 'Continue', 
 			101 => 'Switching Protocols', 
 			200 => 'OK',
 			201 => 'Created', 
 			202 => 'Accepted', 
 			203 => 'Non-Authoritative Information', 
 			204 => 'No Content', 
 			205 => 'Reset Content', 
 			206 => 'Partial Content', 
 			300 => 'Multiple Choices', 
 			301 => 'Moved Permanently', 
 			302 => 'Found', 
 			303 => 'See Other', 
 			304 => 'Not Modified', 
 			305 => 'Use Proxy', 
 			306 => '(Unused)', 
 			307 => 'Temporary Redirect', 
 			400 => 'Bad Request', 
 			401 => 'Unauthorized', 
 			402 => 'Payment Required', 
 			403 => 'Forbidden', 
 			404 => 'Not Found', 
  			405 => 'Method Not Allowed', 
  			406 => 'Not Acceptable', 
  			407 => 'Proxy Authentication Required', 
  			408 => 'Request Timeout', 
  			409 => 'Conflict', 
 			410 => 'Gone', 
  			411 => 'Length Required', 
  			412 => 'Precondition Failed', 
  			413 => 'Request Entity Too Large', 
  			414 => 'Request-URI Too Long', 
  			415 => 'Unsupported Media Type', 
  			416 => 'Requested Range Not Satisfiable', 
 			417 => 'Expectation Failed', 
 			500 => 'Internal Server Error', 
  			501 => 'Not Implemented', 
  			502 => 'Bad Gateway', 
  			503 => 'Service Unavailable', 
  			504 => 'Gateway Timeout', 
  			505 => 'HTTP Version Not Supported');
  			return ($status[$this->_code])?$status[$this->_code]:$status[500];
  	}
 
  	public function get_request_method(){
  	  	return $_SERVER['REQUEST_METHOD'];
  	}
 
   	private function inputs(){
   	  	switch($this->get_request_method()){
   	  	  	case "POST":
   	  	  	  	  $this->_request = $this->cleanInputs($_POST);
    	  	  	   	  break;
    	  	  	case "GET":
    	  	  	case "DELETE":
    	  	  	  	  $this->_request = $this->cleanInputs($_GET);
    	  	  	break;
    	  	  	case "PUT":
    	  	  	  	  parse_str(file_get_contents("php://input"),$this->_request);
    	  	  	  	  $this->_request = $this->cleanInputs($this->_request);
    	  	  	break;
    	  	  	default:
    	  	  	  	  $this->response('',406);
   	  	  	 break;
   	  	 }
   	 } 
 
    	 public function cleanInputs($data){
    	    	 $clean_input = array();
    	    	 if(is_array($data)){
    	    	    	 foreach($data as $k => $v){
    	    	    	    	 $clean_input[$k] = $this->cleanInputs($v);
    	    	    	 }
    	    	 }else{
    	    	    	 if(get_magic_quotes_gpc()){
    	    	    	    	 $data = trim(stripslashes($data));
    	    	    	 }
    	    	    	 $data = strip_tags($data);
   	    	    	  $clean_input = trim($data);
    	    	 }
    	    	 return $clean_input;
    	 } 
 
    	 private function set_headers(){
    	    	 header("HTTP/1.1 ".$this->_code." ".$this->get_status_message());
    	    	 header("Content-Type:".$this->_content_type);
   	 }
 } 
?>

This is a base class for our API Service. And Now,  Let’s extend it  and make our API Class which will be the main file to call and work on.

RESTful API PHP Class

This is the code for API. We are writing functions of API to query the database and provide necessary details to it.

 <?php 
/* File : kv_api.php
 * Author : Kvvaradha
 * Website: www.kvcodes.com
 * email : admin@kvcodes.com
 */
 require_once("kv_restful_api.php");

 class API extends REST {
 
 public $data = ""; 
 
 private $db = NULL;

 public $login_id = NULL;
 
 public function __construct(){
 parent::__construct(); // Init parent contructor
 $this->dbConnect(); // Initiate Database connection
 }
 
 /*
 * Database connection 
 */
 private function dbConnect(){
 $cvars = new cleanto_myvariable();
 $this->db = mysqli_connect(trim($cvars->hostnames),trim($cvars->username),trim($cvars->passwords), trim($cvars->database)); 
 }
 
 /*
 * Public method for access api.
 * This method dynmically call the method based on the query string
 */
 public function processApi(){
 $func = strtolower(trim(str_replace("/","",$_REQUEST['rquest'])));
 if((int)method_exists($this,$func) > 0)
 $this->$func();
 else
 $this->response('',404); // If the method not exist with in this class, response would be "Page not found".
 }
 
 /* 
 * Simple login API
 * Login must be POST method 
 */
 public function login(){ // Cross validation if the request method is POST else it will return "Not Acceptable" status
 if($this->get_request_method() != "POST"){
 $this->response('',406);
 }
 
 $email = $this->_request['email']; 
 $password = $this->_request['pwd'];
 $return = null;
 if(!empty($email) and !empty($password)){
 if(filter_var($email, FILTER_VALIDATE_EMAIL)){
 $sql = mysqli_query($this->db, "SELECT id FROM `ct_admin_info` WHERE email = '".$email."' AND password = '".md5($password)."' LIMIT 1");
 if(mysqli_num_rows($sql) > 0){
 $result = mysqli_fetch_array($sql,MYSQL_NUM); 
 $return = $result[0];
 }
 }
 } 
 return $return ;
 }

 function GetAll(){

 if($this->login() > 0){ // $this->response($this->json(array("id" => $this->login() )), 400);
 $table_name = $this->_request['table']; 
 if(isset($this->_request['conditions']))
 $conditions = $this->_request['conditions']; 
 else 
 $conditions = null;

 if(isset($this->_request['order_by']))
 $order_by = $this->_request['order_by']; 
 else 
 $order_by = null; 

 $sql0 = "SELECT * FROM ".$table_name." WHERE 1=1";
 if($conditions != null) {
 foreach($conditions as $key=>$value){
 $sql0 .= " AND {$key} = '${value}'";
 }
 }
 if($order_by != null) {
 $sql0 .=" ORDER BY ";
 foreach($order_by as $key=>$value){
 $sql0 .= " {$key} ${value}";
 }
 } // echo $sql0;
 $sql = mysqli_query($this->db, $sql0); 
 if(mysqli_num_rows($sql) > 0){
 while($row = mysqli_fetch_array($sql, MYSQLI_ASSOC)){
 $result[] = $row;
 } 
 $this->response($this->json($result), 200);
 }
 }else{
 $error = array('status' => "Failed", "msg" => "Sorry You are not authenticated.");
 $this->response($this->json($error), 400);
 }
 
 $this->response('', 204); // If no records "No Content" status
 $error = array('status' => "Failed", "msg" => "Sorry It's Not Working");
 $this->response($this->json($error), 400);
 }
 function KvQuery(){
 if($this->login() > 0){ // $this->response($this->json(array("id" => $this->login() )), 400);
 $sql0 = $this->_request['sql']; 

 $firstWord = explode(' ',trim($sql0))[0];
 $FirstWord = strtolower($firstWord);

 $sql = mysqli_query($this->db, $sql0) or mysqli_error($this->db); 
 // $this->response($FirstWord);
 if($FirstWord == 'insert'){
 if(mysqli_insert_id($this->db) > 0){ 
 $this->response($this->json(array( 'inserted_id' => mysqli_insert_id($this->db))), 200);
 }
 }
 if($FirstWord == 'update' || $FirstWord == 'delete'){
 if(mysqli_affected_rows($this->db) >= 0){ 
 $this->response($this->json(array( 'updated_id' => mysqli_affected_rows($this->db))), 200);
 }
 }
 if($FirstWord == 'select'){
 if(mysqli_num_rows($sql) > 0){
 while($row = mysqli_fetch_array($sql, MYSQLI_ASSOC)){
 $result[] = $row;
 } 
 $this->response($this->json($result), 200);
 }
 } 
 }else{
 $error = array('status' => "Failed", "msg" => "Sorry You are not authenticated.");
 $this->response($this->json($error), 400);
 }
 
 //$this->response('', 204); // If no records "No Content" status
 $error = array('status' => "Failed", "msg" => "Sorry It's Not Working");
 $this->response($this->json($error), 400);
 }

 function GetRow(){
 if($this->login() > 0){
 $table_name = $this->_request['table']; 
 $conditions = $this->_request['conditions'];
 if(isset($this->_request['order_by']))
 $order_by = $this->_request['order_by']; 
 else 
 $order_by = null; 
 $sql0 = "SELECT * FROM ".$table_name." WHERE 1=1";
 if($conditions != null) {
 foreach($conditions as $key=>$value){
 $sql0 .= " AND {$key} = '${value}'";
 }
 }
 if($order_by != null) {
 $sql0 .=" ORDER BY ";
 foreach($order_by as $key=>$value){
 $sql0 .= " {$key} ${value}";
 }
 } // echo $sql0;
 $sql0 .= " LIMIT 1"; 
 $sql = mysqli_query($this->db, $sql0); 
 if(mysqli_num_rows($sql) > 0){
 if($row = mysqli_fetch_array($sql, MYSQLI_ASSOC)) 
 $this->response($this->json($row), 200);
 else
 $this->response(array('status' => "Failed", "msg" => "Sorry It's Not Working"), 400);
 }
 //$this->response('', 204); // If no records "No Content" status
 $error = array('status' => "Failed", "msg" => "Sorry It's Not Working");
 $this->response($this->json($error), 400);
 }else{
 $error = array('status' => "Failed", "msg" => "Sorry You are not authenticated.");
 $this->response($this->json($error), 400);
 }
 }

 function GetSingleValue(){
 if($this->login() > 0){
 $tablename = $this->_request['table']; 
 $email = $this->_request['email']; 
 $password = $this->_request['pwd'];
 $column_single = $this->_request['column_single']; 
 if(isset($this->_request['conditions']))
 $conditions = $this->_request['conditions'];
 else
 $conditions = null; 

 $sql0 = "SELECT ".$column_single." FROM ".$tablename." WHERE 1=1";
 if($conditions != null) {
 foreach($conditions as $key=>$value){
 if(is_numeric($value))
 $sql0 .= " AND {$key} = ${value}";
 else
 $sql0 .= " AND {$key} = '${value}'";
 }
 } 
 $sql = mysqli_query($this->db, $sql0); 
 if(mysqli_num_rows($sql) > 0){
 if($row = mysqli_fetch_array($sql, MYSQLI_ASSOC)) 
 $this->response($this->json($row), 200);
 else
 $this->response(array('status' => "Failed", "msg" => "Sorry It's Not Working"), 400);
 }
 //$this->response('', 204); // If no records "No Content" status
 $error = array('status' => "Failed", "msg" => "Sorry It's Not Working");
 $this->response($this->json($error), 400);
 }else{
 $error = array('status' => "Failed", "msg" => "Sorry You are not authenticated.");
 $this->response($this->json($error), 400);
 }
 }

 function Delete(){
 if($this->login() > 0){
 $table_name = $this->_request['table']; 
 $conditions = $this->_request['conditions'];

 $sql0 = "DELETE FROM ".$table_name." WHERE 1=1";
 foreach ($conditions as $key=>$value) {
 if(is_numeric($value))
 $sql0 .= " AND ".$key."=".$value;
 else
 $sql0 .= " AND ".$key."='".$value."'";
 }
 $sql = mysqli_query($this->db, $sql0);
 if(mysqli_affected_rows($this->db) > 0){ 
 $this->response($this->json(array( 'Delete Count' => mysqli_affected_rows($this->db))), 200);
 }
 //$this->response('', 204);
 $error = array('status' => "Failed", "msg" => "Failed To Delete");
 $this->response($this->json($error), 400);
 }else{
 $error = array('status' => "Failed", "msg" => "Sorry You are not authenticated.");
 $this->response($this->json($error), 400);
 }
 }
 
 /*
 * Inserting...
 */
 function Insert(){
 if($this->login() > 0){
 $table_name = $this->_request['table']; 
 $data = $this->_request['data'];

 $sql0 = "INSERT INTO ".$table_name." (";
 $sql1 = " VALUES (";
 foreach($data as $key=>$value){
 $sql0 .= $key.",";
 if(is_array($value)) { 
 if($value[1] == 'date') 
 $sql1 .= $this->db_escape($value[0]).",";
 if($value[1] == 'float')
 $sql1 .= $value.",";
 }else{
 if(is_numeric($value))
 $sql1 .= $value.", ";
 else
 $sql1 .= $this->db_escape($value).",";
 } 
 }
 $sql0 = substr($sql0, 0, -1).")";
 $sql1 = substr($sql1, 0, -1).")";
 //$string = str_replace('\"', '',$sql0.$sql1);
 $string = stripslashes($sql0.$sql1);
 // $this->response($string, 400);
 $sql = mysqli_query($this->db, $sql0.$sql1);
 if(mysqli_insert_id($this->db) > 0){ 
 $this->response($this->json(array( 'inserted_id' => mysqli_insert_id($this->db))), 200);
 }
 //$this->response('', 204);
 $error = array('status' => "Failed", "msg" => "Failed To Insert ".$string);
 $this->response($this->json($error), 400);
 }else{
 $error = array('status' => "Failed", "msg" => "Sorry You are not authenticated.");
 $this->response($this->json($error), 400);
 }
 }

 /*
 * Update with primary key...
 */
 function Update(){
 if($this->login() > 0){
 $table_name = $this->_request['table']; 
 $data = $this->_request['data'];
 $primary_key = $this->_request['primary_key'];

 $sql0 = "UPDATE ".$table_name." SET ";
 foreach($data as $key=>$value){
 if(is_array($value)) { 
 if($value[1] == 'date') 
 $sql0 .= $key." = ". $this->db_escape($value[0]).",";
 if($value[1] == 'float')
 $sql0 .= $key." = ". $value.",";
 }else{
 if(is_numeric($value))
 $sql0 .= $key." = ".$value.", ";
 else
 $sql0 .= $key." = ". $this->db_escape($value).",";
 }
 }

 $sql0 = substr($sql0, 0, -1);
 $sql0 .= " WHERE ";

 foreach($primary_key as $key=>$value){
 if(is_array($value)) { 
 if($value[1] == 'date') 
 $sql0 .= $key." = ". $this->db_escape($value[0]).",";
 if($value[1] == 'float')
 $sql0 .= $key." = ". $value.",";
 }else{
 if(is_numeric($value))
 $sql0 .= $key." = ". $value." AND ";
 else
 $sql0 .= $key." = ". $this->db_escape($value)." AND ";
 }
 }
 $sql0 = substr($sql0, 0, -4);
 $sql = mysqli_query($this->db, $sql0);
 if(mysqli_affected_rows($this->db) >= 0){ 
 $this->response($this->json(array( 'updated_id' => mysqli_affected_rows($this->db))), 200);
 }
 //$this->response('', 204);
 $error = array('status' => "Failed", "msg" => "Failed To Update ");
 $this->response($this->json($error), 400);
 }else{
 $error = array('status' => "Failed", "msg" => "Sorry You are not authenticated.");
 $this->response($this->json($error), 400);
 } 
 }
 
 public function db_escape($value = "", $nullify = false){ 
 $value = @html_entity_decode($value);
 $value = @htmlspecialchars($value);

 //reset default if second parameter is skipped
 $nullify = ($nullify === null) ? (false) : ($nullify);

 //check for null/unset/empty strings
 if ((!isset($value)) || (is_null($value)) || ($value === "")) {
 $value = ($nullify) ? ("NULL") : ("''");
 } else {
 if (is_string($value)) {
 //value is a string and should be quoted; determine best method based on available extensions
 if (function_exists('mysqli_real_escape_string')) {
 $value = "'" . mysqli_real_escape_string($this->db, $value) . "'";
 } else {
 $value = "'" . mysqli_escape_string($this->db, $value) . "'";
 }
 } else if (!is_numeric($value)) {
 //value is not a string nor numeric
 display_error("ERROR: incorrect data type send to sql query");
 echo '<br><br>';
 exit();
 }
 }
 return $value;
 }

 /*
 * Encode array into JSON
 */
 private function json($data){
 if(is_array($data)){
 return json_encode($data);
 }
 }
 } 
 // Initiiate Library 
 $api = new API;
 $api->processApi();
?>

htaccess

That’s it, We have to create .htaccess file override the url of the file. Let’s see Code for .htaccess file.

<IfModule mod_rewrite.c>
 RewriteEngine On
 RewriteBase /api/  #### <------------ Here change your URL. 
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteCond %{REQUEST_FILENAME} !-s
 RewriteRule ^(.*)$ api.php?rquest=$1 [QSA,NC,L]

 RewriteCond %{REQUEST_FILENAME} -d
 RewriteRule ^(.*)$ api.php [QSA,NC,L]

 RewriteCond %{REQUEST_FILENAME} -s
 RewriteRule ^(.*)$ api.php [QSA,NC,L] 
</IfModule>

Now, Our API  class is ready. We have to know how to use it. I will provide it on next article about it.

commenter

About Varadharaj V

The founder of Kvcodes, Varadharaj V is an ERP Analyst and a Web developer specializing in WordPress(WP), WP Theme development, WP Plugin development, Frontaccounting(FA), Sales, Purchases, Inventory, Ledgers, Payroll & HRM, CRM, FA Core Customization, OpenCart Theme Development, PHP, HTML, CSS, jQuery, Bootstrap development and content SEO.

Comment Below

Your email address will not be published. Required fields are marked *

*

Current ye@r *

Menu

Sidebar

Subscribe E-mail Updates

Congrats, You are Subscribed to Receive Updates.

Advertisement

Category Posts